Charles Wright

Information Leakage from Encrypted Voice over IP: Attacks and Defenses


In this talk, I describe two side-channel traffic analysis attacks on encrypted voice-over-IP calls and a novel technique for efficiently defending against such attacks. We begin with a review of the basics of speech coding to understand how and why information can leak out of an encrypted VoIP call. We then discuss the techniques for recovering hidden information: first, how to identify the language spoken in the call, and then how to spot particular phrases. Our techniques are completely speaker-independent, and require no recorded examples of the target phrase. Nevertheless, we show that they achieve surprising accuracy on widely-used speech corpora. Finally, we consider methods for limiting this information leakage. Experimental results show that an intelligent, adaptive adversary can convincingly deceive such traffic analyses while incurring much lower overhead than previously expected.


Dr. Charles V. Wright is currently a technical staff member in the Cyber Systems Assessments Group at MIT Lincoln Laboratory, where his research interests include network testbeds, synthetic traffic generation, adversarial machine learning, and low-artifact instrumentation for the analysis of malicious software. Dr. Wright received the B.S. degree in computer science from Texas A&M University in 2002 and the M.S.E. and Ph.D. degrees in computer science from the Johns Hopkins University in 2006 and 2008.